Security Issues Response

On Sunday afternoon we became aware of a Heroes of Newerth password security breach. We immediately took steps to limit the risk to our players by directly advising the community to change the passwords for any linked accounts.

We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent. We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information. The security breach occurred when a third-party software that interacts with our account database was hacked. Contrary to some outside reports, the game client was not hacked.

We took immediate action to eliminate any future password storage issues by removing the third-parties ability to access sensitive information.

Additionally, while the game was down we upgraded all security systems. The game is back up and all HoN accounts will be prompted to create a new password. All passwords will be expired upon next login. However, we do want to reiterate that those who used the same password for HoN to access anything else to change their passwords.

We take security very seriously. Players must know their sensitive information is secure and S2 will ensure this is the case, no matter the effort or cost.

If you have any questions do not hesitate to ask our Community Manager @s2xanderK.

Game Masters are not Frostburn Studios employees. My posts in no way represent the view of Frostburn Studios or any of its staff.

-----------------------------

Hardcore player. Always improve his gameplay. Never rage against anyone than himself for being weak.
--------------------------------------------------------------------------------------------------------------------------------------------------------------

Are you kidding me? According to reddit and other sources, you used (salted) MD5 for password storage. Any "expert security staff" would know how silly that is. Are those sources just wrong? How does S2 store user credentials?